Government watchdog group has received many complaints about lost votes and missing candidate names on ballots

By Grant Gross, IDG News Service November 10, 2006

Government watchdog group Common Cause has called for an investigation of electronic voting machines used in Florida's 13th congressional district because of 18,000 missing votes.

About 18,000 people who cast votes in other races in Tuesday's election failed to record a vote for either candidate for the U.S. House of Representatives. At last count, Republican candidate Vern Buchanan led Democratic candidate Christine Jennings by less than 400 votes in the race to succeed Republican Katherine Harris, who ran unsuccessfully for U.S. Senate.

Nearly 13 percent of voters in Sarasota County picked candidates in other races but did not choose a candidate in the House race. More than 35 callers to Common Cause's voter hotline left messages Tuesday saying the e-voting machines appeared to leave off a vote for Jennings on their summary screens, [and no one said anything? Bob] said Ben Wilcox, executive director of Common Cause Florida. In neighboring Manatee County, just 2 percent of voters did not cast a ballot in the congressional race.

Some voters caught the omission and were able to go back and vote again for Jennings, but others may have missed the problem, Wilcox said.

"Sarasota County election officials must conduct a revote," [a recount being impossible... Bob] Wilcox said. "The machines should be impounded, audited and tested to determine if voters were unable to cast a ballot and why. Sarasota County voters deserve an explanation."

Undervoting for top-of-the-ballot races on e-voting machines is typically under 1 percent, according to a study released this year by the Brennan Center for Justice.

The county did not require the Elections System and Software (ES&S) e-voting machines to include paper printouts to back up the electronic vote.

"This is part of the reason we've been calling for a paper trail," Wilcox said.

Ironically, Sarasota County voters on Tuesday approved a ballot measure requiring paper trail ballots to be used as a backup to the e-voting machines.

Sarasota County voters cast about 16,000 more votes in the Florida governor's race and in the Senate race than were recorded in the House race. About 4,000 more people cast ballots for the county's Southern District Hospital Board than were recorded in the House race.

One of the major advantages of using e-voting machines is they are supposed to make it more difficult for voters to undervote, e-voting advocates have long said.

Sarasota County will begin a recount in the race Monday. County Supervisor of Elections Kathy Dent didn't immediately return a phone call seeking comment on the undervote. An ES&S spokesman also didn't immediately return a phone call.

Major electronic voting machine problems occurred in at least six U.S. states during the country's midterm elections, underscoring that system failure, not fraud, is the biggest issue facing future races, voting-rights activists and technologists said this week.

Machine problems delayed voting in many precincts in Colorado, Florida, Indiana, and Ohio, requiring election officials to keep the polls open late. Problems in Montana delayed the final tally of the results in that state, and in New Jersey, about 5 percent of machines had some sort of problem, though the issues were characterized as minor in news reports.

Okay guys, what's going on here? Is this an indication that a deal has been negotiated?

San Francisco, CA (AHN) - Former Hewlett-Packard Co ethics chief, Kevin Hunsaker, has pleaded not guilty to four felony charges in a case accusing him of carrying out a spy investigation into the company's board members and journalists.

Spokesman for California Attorney General Bill Lockyer, Tom Dresslar, said Hunsaker was brought before the court in a hearing that was unannounced in Santa Clara County Superior Court. This comes weeks before his scheduled court date on December 6.

... According to the AP, the defendants are now facing four felony counts including, "use of false or fraudulent pretenses to obtain confidential information from a public utility; unauthorized access to computer data; identity theft; and conspiracy to commit each of those crimes."

SECURITY is being reviewed at the Royal Bolton Hospital after thousands of pounds worth of computer equipment was stolen.

Thieves stole four computers thought to contain information on patients' pacemaker settings from the hospital's cardiology department. [“Let's turn them up a bit and see what happens...” Bob] Police are working with the hospital in a bid to improve security following the thefts - which included laptop computers - over the weekend of October 7.

... She added: "A computer was stolen from pathology, one from the orthopaedic department, two from cardiology and two flat display screens from an outpatient waiting area.

"All the information on these computers was backed up elsewhere and therefore no information was lost.

Vital statistics and match performance details about Bradford Bulls' players have been stolen in a raid on the Super League team's offices.

Three computers on which exhaustive information about each of the club's players - from tries scored to conversions made and number-crunching statistics of their match prowess and fitness levels - were swiped by thieves early yesterday.

... Bulls media, PR and football manager Stuart Duffy said CCTV footage which had been passed on to the police showed the teenagers snooping around the club shop roof before breaking into the office. [Note to security guys: “Video recorders do not prevent theft.” Bob]

... "It's quite comprehensive information for us and it's not really of any use to anyone else," [Oh? Bob] said Mr Duffy.

... The laptop is used for administrative purposes and the information is not believed to be backed up so it would need collating again if it was not returned.

CALGARY - Alberta's privacy commissioner is investigating the theft of a laptop computer containing personal information on 1,000 children, all mental health patients in Calgary.

Commissioner Frank Work announced Thursday he would examine security measures after the computer was stolen from a Calgary Health Region therapist's home [Why 1000 kids, is that a typical case load? Why was all that data at home? Bob] during a break and enter last month.

... But a three-step process for password authentication [Interesting. I haven't heard of a “3-step process” before, so I googled it and all I got was this article! Bob] on the laptop should protect the personal information on the laptop, according to CHR.

A NEW tracking system which can trace stolen computers was launched this week at Kingsfield School in Chatteris, where 15 laptops were stolen in June.

Six months earlier 16 laptops were stolen in another burglary.

Education ICT Service, a business unit of Cambridgeshire County Council, has joined forces with Dell in a bid to reduce laptop thefts from schools.

Computertrace is a theft protection service that tracks, locates and recovers stolen computers.

Councillor John Powley, Cambridgeshire County Council's cabinet member for corporate services, said: "This is an exciting and innovative initiative which will be bad news for computer thieves. The software is embedded, undetectable and non removable. [Who cares? Steal the computer, reformat the hard drive and load Linux... Bob]

81% of U.S. businesses surveyed this year reported that, in the previous 12 months, at least one of their laptops or other portable electronic devices had been lost or stolen. U.S. Survey: Confidential Data at Risk, 5 Privacy & Security Law Report 1162 (2006). When a laptop is lost or stolen, unencrypted data on the computer can easily be accessed. Even if a user name and password are needed to sign on to the laptop, the hard drive can be removed in a few seconds and all data on the hard drive can be copied to another computer or to a storage device in minutes.

Despite the high risk that sensitive data may be obtained from lost or stolen laptops, many businesses continue to allow employees to store such information on laptops and to take the laptops home, on business trips, and on vacations. Business managers should consider whether their current laptop security practices are sufficient. If a business’ trade secrets, attorney-client privileged information, customer lists, or financial information are obtained from a lost or stolen laptop, affected shareholders, employees, or business partners may argue that the business failed to take adequate steps to safeguard the data.

Avivah Litan, vice president and analyst at the Gartner Group, said in a recent interview: "Frankly, there is no excuse anymore not to encrypt data on laptops and mobile devices. . . . The cost for laptop encryption is $40 or less per laptop. . . . [T]here is no excuse today. It is really bordering on negligence." An Interview with Experts on the Cost of Ensuring Data Security, 6 Privacy Advisor 20, 23 (2006). Every company with sensitive data on mobile devices should consider whether the data should be encrypted.

Another issue must also be resolved by companies whose employees take laptops containing trade secret or privileged information across U.S. borders. Whether such information is encrypted or not, employees who travel across a U.S. border with company laptops should be prepared for U.S. Customs officers to ask to review files on the device. [What, exactly, these dim-bulbs are looking for eludes me. Something that could not be emailed? Bob] Customs officers have apparently made several such requests. See Joe Sharkey, At U.S. Borders, Laptops Have No Privacy, N.Y. Times, October 24, 2006, at C 8. Both the Fourth and Ninth Circuit Courts of Appeal have held that Customs officers may conduct routine searches of laptops without a warrant, without probable cause, and without a reasonable suspicion of illegal conduct. [...to protect our rights? Bob] See United States v. Romm, 455 F.3d 990, 996-97 (9th Cir. 2006); United States v. Ickes, 393 F.3d 501, 503-07 (4th Cir. 2005). Although a trial court in the Ninth Circuit recently ruled that Customs officers may not search a laptop or other electronic files without at least a reasonable suspicion of wrongdoing, United States v. Arnold, 2006 WL 2861592 (C.D. Cal. October 2, 2006), appeal docketed, No. 06-50581 (9th Cir. October 23, 2006), it is unclear whether that decision will survive on appeal.

If Customs officers note that there are encrypted files on a laptop, they may ask travelers to decrypt the data or may retain the laptop to get a warrant to require that the decryption key be turned over to them. See Sharkey, at C 8; and this article from cybercrimelaw.org (via digg.com). To make sure that businesses are not temporarily denied access to important data, "some companies are considering telling travelers coming back into the country with sensitive information to encrypt it and email it to themselves, which at least protects access to the data, if not its privacy." Sharkey, at C 8. If a laptop with trade secrets or privileged information is retained for inspection by Customs, temporary lack of access to the data may not be the most serious problem on company officials’ minds.

A possible solution, both to the risk that data may be obtained by a thief or by someone who finds a lost laptop and to the potential disclosure of highly sensitive data during border searches, is to stop storing sensitive data on laptops. Such data can be stored on company servers and accessed via a VPN. Whether encrypting confidential data on laptops or never storing such data on laptops is chosen as the means to protect the information, company officials should make sure they are doing all they can to protect confidential data.

Convenient Timing: Politician's Computer 'Crashed' And Deleted Everything Just As Investigators Asked To See It

from the how-convenient dept

Don't you just love convenient timing? The Raw Feed points us to a corruption case involving a commissioner in Hollywood, Florida. He apparently helped a company win an $18 million "sludge-handling" contract. However, just as investigators went to search his computer it was conveniently "wiped clean". He claims it just crashed, even though that crash (conveniently, again) was so thorough that no data was recoverable from the drive even after being sent to various data recovery shops. Not surprisingly, this is raising a few eyebrows, though his lawyer insists that if the guy was really trying to hide info, he would have just "thrown out" the computer. [rather than just replacing the hard drive? Bob]

Fortunately, we in America can read all of these without being considered terrorists – just don't have any Democrat propaganda (until January)

Posted by Zonk on Friday November 10, @06:31PM from the more-you-know dept.

Terror Alert Brown writes "Reuters is reporting that a UK woman has been charged as a terrorist because of computer files on her hard drive. According to the article, these files included 'the Al Qaeda Manual, The Terrorists Handbook, The Mujahideen Poisons Handbook, a manual for a Dragunov sniper rifle, and The Firearms and RPG Handbook.' She was picked up in connection with the plot stopped in August to detonate explosives in airplanes flying out of Heathrow airport. Now might be a good time to delete any copies of the Anarchist's Cookbook you once read for amusement and still have floating around on your hard drive."

(Business 2.0 Magazine) -- Free Internet phone service was always likely to change the world - but until recently we had no idea how. A little more than a year after eBay bought Skype for $2.6 billion, the service has become a business tool on a surprising scale.

A million people worldwide, 300,000 of them in the United States, will rely on Skype as their primary means of business communication in 2007, according to telecom analyst Albert Lin at American Technology Research. And those are just the power users: Skype says nearly a third of its 113 million users now log on to make work-related calls.

Who says people in the porn industry aren't innovative? Smart may be in question, but not innovative.

While internet scams have changed and adapted over the years, from the beginning a popular target has always been folks who are viewing porn -- on the assumption that if they get scammed, they're less likely to then report it out of some sort of embarrassment. It appears that applies over in Korea as well, where the operators of a phone sex company hacked into their competitors' computers, accessed the personal information of over 8 million people, and started sending them "lascivious text messages." Specifically, they searched through the computer systems of over 60 different competitors, to figure out which were their "superior clients" (those who spent over an hour on the phone) and targeted those clients with more specific text messages. Even better, they did this by registering phones in the names of homeless people, so that they wouldn't have to pay the bills. Of course, it seems that they were found out and have now been arrested for the scam.

There are many alternatives to using Microsoft Windows and the applications that are made for it. One of the more popular alternatives is the Linux operating system. Just about everything you can do in Windows, you can do in Linux, sometimes even better and with more control. Linux has been around for quite a long time, so it's no surprise that there are a ton of applications out there that offer the same type of functionality that many of our favorite Windows applications have. This article takes a look at some of the most popular software applications used in Microsoft Windows and compares them with some alternatives that get the same job done.

Don't forget to read today's Dilbert on the reliability of corporate data.

Welcome to the Pen Spinning Conclave at psconclave.com, a wiki dedicated to the art of pen spinning! Pen Spinning is a fast growing subdiscipline of contact juggling which uses only a pen or pencil; the fact that it can be performed practically anywhere contributes to its rising popularity.

There are many pen spinning tricks and combinations to learn, pen modifications to make, and history to reflect on. Visit the help pages or create an account to get started.

For Beginners, if you do not know which pen tricks to learn first, start with the 4 fundamentals of pen spinning, then continue from there. A guide for a learning order is always under construction as new tricks are invented and added. However, there are no set tricks to learn; if you see one you like, then go for it! Spend some time and read through the guide, then spend some more time perfecting it.

Dennis Dallas mentioned this yesterday and I had to research it to see if the source was Comedy Central.

TORONTO (Reuters)—Sore thumbs after spending hours on a hand-held e-mail device? Sounds like a case of "BlackBerry Thumb"—but help is at hand.

The Hyatt hotel chain found so many of their business travelers were complaining of hand and arm discomfort that they have introduced a special "BlackBerry Balm" hand massage at most of their North American spas.

... Hedge recommended preventive measures like holding the device comfortably in the hands and close to the body, and not typing for more than five minutes without a break.

"Don't type "War and Peace" with your thumbs! If you need to type long messages use an external keyboard for the device," Hedge said by e-mail.

Remember that greeting card company and famous-in-the-late-90s website Blue Mountain Arts? Well the extremely talented and philanthropic founders have started a learning-to-read website, totally free, called Starfall.com. My daughters, ages 6 and 7, have literally gotten more educational value out of this than their schools. And now their schools are using it in their classes once a week! Super site, makes the most out of flash and audio on a broadband connection, and really a treasure for young kids (aimed at first graders and below) who want to get going with reading (at no cost).

No Major E-Voting Problems, Huh? Then Where Are Florida's Missing Votes?

from the just-asking dept

In one of the stories we spotted yesterday about e-voting glitches, it was amusing to see (at the very, very bottom) the idea that "no major problems" were reported for e-voting in Florida. Florida and Ohio, of course, are the two places where e-voting stories have raised the most questions, and there had already been a number of reports of e-voting problems in Florida voting last week when their early polls opened. So, it looks like ABC may need to revise that "no major problems" report, as the EFF points us to a report saying that 13% of the electronic responses in Sarasota County included no vote for Congressional Representative. That means that somewhere between 8,000 to 10,000 people [the margin of victory? Bob] who voted for other things, like governor, appear to have not voted for House Representative -- and no one seems to have a good explanation. It's certainly possible that all those people decided to go "none of the above," but it seems unlikely -- especially since similar undervoting was not seen in other counties covered by the same Congressional district. Also, there were complaints all day about the e-voting machines not properly recording votes in that county. So, while people are asking for a recount... there's nothing to recount since the machines did not record the votes. Amusingly, the EFF also notes that the very same county had a referendum on the ballot about the e-voting machines, and the people overwhelmingly voted to scrap the machines and bring back paper ballots. So what was it the press was just saying about no major glitches with e-voting?

While it's still not clear who is suing Google over their video offering, it's clear that plenty of rights holders are looking for some sort of payout similar to what YouTube gave the record labels. However, as we noted with Microsoft's decision to pay out to Universal Music, once you start down this route, everyone is going to want a piece of you from all over the world representing all different groups of all different sizes. So, for example, it should come as no surprise to find out that the German Society for Musical Performing and Mechanical Reproduction Rights has now joined the handout line, demanding royalties from YouTube/Google. Of course, part of the problem is that YouTube made this possible by giving those few labels money in the first place, rather than sticking to the letter of the law which says they're not liable for content uploaded by users. They can still make that claim, and perhaps that's what they'll do if this goes to court, but in the meantime, they're going to be facing a ton of random players (small and large) who are all going to demand a cut.

As “full hard drive” encryption becomes easier, it might be useful to think of the downside. What happens if individuals encrypt the only copy of a “critical document?” Look for centralized control of all encryption keys, and look for hackers going for that file first.

Posted by Zonk on Thursday November 09, @06:02PM from the battening-down-the-hatches dept.

IO ERROR writes "Patrick Svenburg, program manager for Windows Client Solutions in Microsoft Federal, answered questions from government IT managers today about the upcoming Windows Vista release. Many of the questions were about BitLocker, Microsoft's new drive encryption technology, as well as other security questions, upgrading from Windows XP, IPv6 deployment and more. Svenburg is a member of the Windows Vista Launch Team and is leading early adoption efforts for Windows Vista within the Federal community, according to Government Computer News."

Think this is “interesting but not consequential?” Read the next article.

Posted by CowboyNeal on Thursday November 09, @11:46PM from the brave-new-world dept.

prostoalex writes "Wired magazine has coined a new term for the massive data centers built in Pacific Northwest by Google, Microsoft and Yahoo! Cloudware is, ironically, a return of the centralized data and bandwidth power houses caused by decentralized and distributed nature of the Internet. George Gilder thinks we're witnessing something monumental: 'According to Bell's law, every decade a new class of computer emerges from a hundredfold drop in the price of processing power. As we approach a billionth of a cent per byte of storage, and pennies per gigabit per second of bandwidth, what kind of machine labors to be born? How will we feed it? How will it be tamed? And how soon will it, in its inevitable turn, become a dinosaur?'"

Data repository would make structured data available to application developers and Internet entrepreneurs

By Juan Carlos Perez, IDG News Service November 09, 2006

MySQL AB wants to launch a global project to build a massive, distributed repository containing all of the world's data now stored in structured databases, the company's chief executive officer said Thursday.

While search engines like the one from Google Inc. aim to give people access to unstructured data on the Web, this "database in the sky" would make available structured data to application developers and Internet entrepreneurs, said Marten Mickos at the Web 2.0 Summit in San Francisco.

The data repository would be to database access what eBay Inc.'s Skype is to Internet telephony, and it would create the next-generation OLAP (online analytical processing) engine for data analysis and discovery, Mickos said.

The project seeks to apply the open-source model to data, so that developers worldwide could share and aggregate data, Mickos said. "Then the data would be the platform," Mickos said. He envisions, for example, being able to tap into all of the world's structured databases that have weather information.

It would probably be required to build "a DNS of SQL servers," address likely routing obstacles and make data definitions understandable and accessible to others, Mickos said. It would also be necessary for the data owners to have a willingness to make their database contents available.

But the most important ingredient will be to assemble a community of collaborators and volunteers willing to work on the project. The database wouldn't be monolithic but rather function on a peer-to-peer principle, he said.

Curious. As I read this, Microsoft has purchased a company that secures its operating system rather than correct the problem internally. Does this mean they don't consider the effort worth their time or that they had no clue there was a problem, so they had no clue how to fix it?

Nearly four months after hiring Sony rootkit whistleblower Mark Russinovich, Microsoft has moved his company's software to its Web site and has released a new Windows system tool that can help fight hackers.

The freeware products, now known as Windows Sysinternals, were made available on Microsoft's Web site earlier this week. They are based on the code that Russinovich and Bryce Cogswell had been distributing on Sysinternals.com before Microsoft bought their company, Winternals Software, in July.

Original Tools Updated

"The tools are the same as what was on the original Sysinternal site with the exception of some updates and the release of Process Monitor," said Russinovich in an e-mail interview. Process Monitor is new software, based on code from two Sysinternals tools, which keeps track of activity on the Windows file system and registry and is designed to help Windows administrators with troubleshooting and malware detection.

Russinovich and Cogswell founded Winternals in 1996, and have since produced a number of widely used system-recovery and performance-tuning products.

Russinovich made international headlines last November after he discovered that copy protection software that Sony had been distributing with millions of CDs was cloaking itself using undetectable "rootkit" software. Sony was ultimately forced to recall the affected CDs after hackers began using the rootkit to hide malicious code.

Russinovich's popular blog, along with his original posting on the Sony rootkit, has been moved to Microsoft's Technet Web site.

No Source Code

One aspect of the Sysinternals.com Web site that did not survive the transition to Microsoft is the free source code that Cogswell and Russinovich had made available for some of their tools.

These tools were not often downloaded, however, Russinovich said. That fact, "combined with the Microsoft requirement of having all published source scrubbed for security ... and compatibility issues, drove the decision not to move it forward," he said.

“It's not our fault! We asked them not to violate their customers' privacy.”

Installed on a smart phone or ultramobile PC, location-aware software can use GPS technology to produce tailored information like driving directions, nearby restaurants and movie schedules. The downside of that feature is that handsets can double as tracking devices if location data is not kept private. The abuse of such access could range from civil liberties violations to physical threats in the cases of vulnerable people like battered spouses, Intel fears.

So, Intel has added a privacy addendum to the Eclipse Public License it uses for the software application called Privacy Observant Location System (POLS), according to a posting on Intel's Web site by John Miller, the privacy and security policy manager of Intel's corporate technology group.

The addendum says that vendors must inform the end-user what information is recorded and how long it is stored, and it requires developers to include opt-out capability so users can change those settings, Miller said.

Compelling Ethics

POLS is a tool for mobile application developers that determines its location by triangulating between nearby radio beacons such as GSM cells or Wi-Fi access points. Most location-aware devices use different approaches, relying on the wireless provider to track every device, or on GPS chips, which can have poor reception in dense cities.

While Intel's ethics concerns are compelling, the market may be slow to react to this initiative because so few customers actually use location-based technology, analysts say.

Only 10 percent of the PDAs sold today are equipped with internal GPS antennas, and most of those are in Europe, where the more complex roads and diversity of languages have made street mapping a larger market, said Todd Kort, principal analyst for Gartner Dataquest.

In contrast, nearly 90 percent of CDMA phones from Sprint Nextel and Verizon offer assisted-GPS technology, which relies on Intel's type of cell tower navigation technique. But most users don't know it exists or have chosen not to use it, he said.

"It's great that it's there, and someday we'll appreciate it, but it is something that's in the back of Americans' minds and will not be a driving force for sales," Kort said.

Software Developers Have Control

In the meantime, Intel faces a continuing challenge as it must convince developers to abide by its privacy initiative. The new addendum is useless if software developers don't obey it, so the company has begun a campaign to build support in the open-source community.

"We believe that a bottoms-up effort to encourage the development of privacy-sensitive social norms is necessary, and in fact critical, for both privacy and public adoption of the technology," Miller said.

Not a trivial question. If Osama bin Laden owns his location, do we violate copyright by targeting a smart bomb?

Location-based services have long been a hot topic in wireless, even if they've largely failed to live up to the ridiculous level of hype thus far. However, even though relatively few handsets currently have the ability to pinpoint users' locations with the accuracy of GPS, operators do keep less detailed location information, such as the towers from which calls are made or messages sent. This information is used for different reasons, such as billing, and is more commonly being used by law enforcement as forensic evidence. One researcher who was called as an expert witness in a trial recently to help explain such evidence is now wondering just who owns that location information. Obviously in criminal cases, it must be subpoenaed from an operator, but the researcher says his operator won't even provide him with the location info they have regarding his own calls. It's also unclear what operators' policies are with this information. Some operators are already delivering aggregated location information to companies that use it to determine how road traffic is moving. While this is anonymous, general data, what if operators decided they could start a nice new revenue line by selling individual information to anybody who wanted it? As location-based services proliferate, these sorts of questions are bound to pop up more frequently. While the services do have the potential to be very useful, they'll also need to come with safeguards that allow people to control who can see their location data and how it can be used.

News Analysis: Companies should look closely at how they manage their databases to make the compliance auditing process less painful and more cost-effective, analysts contend.

NEW YORK—Analysts in the field of regulatory compliance say enterprises should increasingly build their IT auditing processes around database governance efforts.

... Among the technologies utilized to help forward such efforts are software tools used for tracking the manner in which employees are looking at files, and how they behave while logged into databases.

In addition to increasing companies' security by providing a method of detecting a potential misuse of database information, the technologies provide the type of detailed paper trail that compliance auditors demand when inspecting enterprise operations, said Paul Proctor, analyst with Gartner, in Stamford, Conn.

November 7, 2006: "NIST is proud to announce the release of Special Publication 800-100, Information Security Handbook: A Guide for Managers. The purpose of this publication is to inform members of the information security management team [agency heads, chief information officers (CIO), senior agency information security officers (SAISO), and security managers] about various aspects of information security that they will be expected to implement and oversee in their respective organizations." (176 pages, PDF)

I've repeatedly mentioned how easy it is to get at this data. Now you don't have to pretend you've never seen it!

Press release: "Lawyers who receive electronic documents are free to look for and use information hidden in metadata – information embedded in electronically produced documents – even if the documents were provided by an opposing lawyer, according to a new ethics opinion from the American Bar Association."

It's all about getting even. “This virus brought to you by ____[enter name of person you dislike here]_____ .”

... After being utterly frustrated by the inability to bypass Prevx's dedicated disinfection tool, Gromozon's authors decided to attack on another front. In the latest variants of Gromozon, whenever an analysis tool, such as our F-Secure BlackLight, or more generically a "banned" application is detected, the malware itself will present the user with a lovely message that leads him to believe that the source behind the malware are the guys from Prevx, and especially Marco Giuliani - one of the first security researchers to study Gromozon in depth and to provide a disinfection tool.

Despite the major financial scandals from a few years ago, embodied most famously by the collapse of Enron, there's good reason to think that the resulting Sarbanes-Oxley regulation was a poor response to the problem that ultimately had the effect of making the US a worse place to do business. Apparently, ex-Federal Reserve Chairman Alan Greenspan agrees, calling parts of the bill a "nightmare". He also said some interesting things about the nature of financial reporting, noting that it was something of an art form, which makes it hard to believe that we'll ever have real-time financial reporting. Greenspan added that he's optimistic that certain parts of the law will be changed, noting that some of the incoming Democratic leadership are open to the idea. It's good to hear him speaking up, but we wonder why he waited until he was out of office to let his opinions be known. Perhaps at the time he didn't feel it was his place to talk about it, or maybe it's just a matter of now having some hindsight. Unfortunately, it's always easier to get things passed than to get them repealed.

Think of them as ring tones for your computer-based phone system. When your lawyer calls, use the Jack Nicholson clip, and use Brando if you ever get a call from John Kerry?

Fans can choose, for example, to have Nicholson appear barking "You can't handle the truth!" (in A Few Good Men) or Marlon Brando declaring "I could have been a contender" (in On the Waterfront).

... To avoid court battles, some video sites are trying to strike content-sharing deals with studios and music labels.

That's what Sony said it is after with Grouper's new "ScreenBites" channel. By offering famous scenes from hit films for free, Sony is hoping fans will be prompted to buy the full-length movie, the company said in a statement. [Sony thought of this all by themselves? Wow! Bob]

... Sony and Grouper plan to offer many more clips from Sony's library and eventually offer them for people to include in homemade videos.

"The challenge with that is making sure that we have the right commerce model," Felser said. "We want the copyright holder to feel good about it. Remember, a lot of this works because it's promotional. Sony is promoting the sale of their content in a way that's never been tried before."

Felser predicted that competitors may have trouble offering a similar service. He said that had Grouper not been part of Sony, the deal may not have ever gotten done.

Even as a unit of Sony, Grouper had to wait until it received the proper rights clearances, video from Sony's library was pulled, and contracts with actors and other creators were checked for clauses that may prevent such an offering.

More than Half of Top 25 U.S. Web Properties Generate More Traffic from Outside the U.S. than from Within

Lion’s Share of Visitors to Top 5 U.S. Web Properties – Yahoo!, Time Warner, Microsoft, Google and eBay – Come from Outside the U.S.

London, UK, November 9, 2006 – comScore Networks, a leader in measuring the digital age, today released the results of a study showing that 14 of the top 25 U.S. Web properties attract more traffic from people outside the U.S. than from within. Among them are the Top 5 Web properties in the U.S. – Yahoo! Sites, Time Warner Network, Microsoft Sites, Google Sites and eBay.

“As Internet usage outside the U.S. has grown rapidly from a small base, the U.S. share of the world’s online population has fallen from 65 percent to less than 25 percent in the last 10 years,” [that sort of explains it, doesn't it? Bob] said Bob Ivins, managing director of comScore Europe. “The fact that more than three-quarters of the traffic to Google, Yahoo!, and Microsoft is now coming from outside of the U.S. is indicative of what a truly global medium the Internet has become.”

... Some sites do not attract a substantial percentage of international visitors. Examples include U.S.-based telecommunications/cable companies such as Verizon and AT&T, media entities including Fox (owners of MySpace), New York Times Digital, and CBS, and major U.S. retailers, banks and airlines such as Target, Wal-Mart, Bank of America and United.

Is this headline an attempt to attract students to computer science programs?

The cost of college is constantly on the rise. The average cost of attending a four-year public college has increased over 40% since 2000. And according to a report from the Campaign for America's Future (PDF link), just one year at a public university consumes 25% of the annual median household income in the United States, while one year at a private university consumes 57%. Considering how expensive it is becoming to attend college, it's no wonder that approximately $90 billion in financial aid money is awarded to United States college students each year. So you're about to go to college, or perhaps you're already in college. How can you get your hands on this money?

Thursday, November 09, 2006

The Department of Homeland Security today published a notice in the Federal Register disclosing the existence of a "new system of records" -- the Automated Targeting System (ATS) -- that assigns "risk assessments" to millions of U.S. citizens who seek "to enter or exit the United States" or whose work involves international trade. The system appears to involve the data-mining of massive amounts of information derived from a wide variety of sources, including Passenger Name Record (PNR) data obtained from commercial air carriers.

The "risk assessments" generated by the system will be retained for "up to forty years," according to DHS, in order to "cover the potential lifespan of individuals associated with terrorism or other criminal activity." But wait -- just because you're currently innocent, that doesn't mean you get a free pass. As the notice goes on to explain,

All risk assessments need to be maintained because the risk assessment for individuals who are deemed low risk will be relevant if their risk profile changes in the future, for example, if terrorist associations are identified.

DHS has exempted all of the data contained in the ATS from the "access" and "correction" requirements of the Privacy Act of 1974, which means that citizens have no right to learn about their own "risk assessments" or to challenge them. Franz Kafka, call your office . .

Google accidentally sent out e-mail containing a mass mailing worm to about 50,000 members of an e-mail discussion list focused on its Google Video Blog, the company said Tuesday.

"On Tuesday evening, three posts were made to the Google Video Blog-group that should not have been posted," Google said in a statement, posted late Tuesday night.

"Some of these posts may have contained a virus called W32/Kapser.A@mm -- a mass mailing worm. If you think you have downloaded this virus from the group or an e-mail message, we recommend you run your antivirus program to remove it," said the statement, which was attributed to the Google Video Team.

... Stricker did not have any more details on how Google ended up distributing the worm code, but he said that internal protocols are now in place to prevent this from happening again.

Google has seen a growing number of technical glitches lately, something observers are attributing to the company's break-neck growth over the past few years. One month ago, hackers found a way to publish a fake post on Google's official blog. The company also experienced service disruptions with its Blogger service recently that have left some users fuming.

Still, Google isn't the only company to accidentally distribute malware on a mailing list, according to Graham Cluley, a senior technology consultant with security vendor Sophos. "Even mailing lists run by security firms have sometimes accidentally had malware posted to them," he said in an e-mail interview. "But everyone can learn a lesson." [Can they? Bob]

I have this idea for a software program to mimic students, allowing them to “take an online course” without the need to sit at their computers – just point my software at the class and a few weeks later you get an “A.” What do you think? Do I have a market or what?

Roughly one in six students enrolled in higher education - about 3.2 million people - took at least one online course last fall, a sharp increase defying predictions that online learning growth is leveling off.

A new report scheduled for release Thursday by The Sloan Consortium, a group of colleges pursuing online programs, estimates that 850,000 more students took online courses in the fall of 2005 than the year before, an increase of nearly 40 percent. Last year, the group had reported slowing growth, prompting speculation the trend had hit a ceiling.

A group of international data and privacy protection commissioners has decided to act together to challenge the surveillance society which they claim is developing. Commissioners from the UK, France, Germany and New Zealand will adopt common policies.

At the annual Conference of Data Protection and Information Commissioners, held last week in London, a joint set of objectives was adopted by the international commissioners aimed at tackling what they see as a growing international issue of constant citizen surveillance.

"The protection of citizens' personal data is vital for any society, on the same level as freedom of the press or freedom of movement," said the communiqué adopted by commissioners. "As our societies are increasingly dependent on the use of information technologies, and personal data is collected or generated at a growing scale, it has become more essential than ever that individual liberties and other legitimate interests of citizens are adequately respected."

The document calls on data and privacy commissioners to support the establishment of an international convention on data protection, which was first agreed on by commissioners in 2005.

"This initiative must be supported by DPAs with the competent institutions," said the document. "DPAs should endeavour to promote this initiative in their respective spheres of influence, in particular within the regional organisations or linguistic zones to which they belong. The need for global solutions respecting privacy and data protection may arise in specific sectors (e.g. internet governance, financial transactions, air transport) and must then be addressed by DPAs with all appropriate means."

The commissioners say international cooperation is vital because foreign precedents are often used by a government to justify action that erodes citizens' rights.

"National governments often use the argument that such and such a country has already put a system into place to attack their national data protection authorities for their reluctance to accept the same system without discussion," says the commissioners' document. "This causes serious problems of harmonisation and makes it necessary for DPAs to think together on the basis of common denominators."

The conference was hosted by the UK and the adoption of a set of common aims welcomed by UK Information Commissioner Richard Thomas. "We have debated the issue of surveillance society in detail," Thomas said. "The challenges facing society and commissioners are substantial, not just in terms of surveillance but also due to rapid technological developments. I fully support this initiative and it is encouraging to see data protection and privacy commissioners around the world committed to ensuring data protection remains relevant and effective."

Last week Thomas warned that the UK had become a surveillance society, and that the constant monitoring of individuals' actions by public and private bodies was creating social division. A report produced for the commissioner's office said that in the future wealthy people would be made more mobile by surveillance, while poorer people would find it harder to be physically and economically mobile because of social profiling based on data gathering.

TOPLESS sunbathers should be protected by stronger privacy laws, an academic says.

Queensland University of Technology (QUT) law lecturer Kelley Burton wants the state Government to make it a criminal offence to film or photograph topless sunbathers and distribute the pictures on the internet.

Ms Burton said laws which protected people from being photographed in private places such as bathrooms, toilets, bedrooms and communal change rooms should be extended to public places.

She said undressing in public didn't mean sunbathers gave up the right to privacy.

"I think when a woman is sunbathing topless she is merely consenting to other people observing her with the naked eye, in that place," she said.

"Her consent doesn't stretch to other people photographing her and then exposing the photographs all over the internet."

Tougher legislation was also needed to make it illegal to photograph children in public places without their consent, Ms Burton said.

But the proposed changes would not affect people who accidentally included children or sunbathers in the background of their happy-snaps.

Ms Burton will hold a free seminar, entitled Minding Your Own Business: Your Legal Right At Privacy at QUT on November 22.

Refining the PORN business model? This will become much more interesting as third world countries create “data havens” where you can store your data on their (encrypted) servers and surf the internet anonymously.

A Pennsylvania Superior Court decision issued late last week has shed light on a legal loophole that appears to let off the hook those who view child pornography on their computers but don't save those images on their hard drives.

Ruling on an issue of first impression, the three-judge panel in Commonwealth v. Diodoro concluded that merely looking at child pornography on the Internet -- without intentionally saving or downloading any images viewed -- does not amount to "knowing possession" of child porn as proscribed in Pennsylvania's Crimes and Offenses Code.

"We note that it is well within the power of the Legislature to criminalize the act of viewing child pornography on a Web site without saving the image," Judge Richard B. Klein wrote. "The language used in [the relevant statute], however, is simply 'possession.' Because this is a penal statute with an ambiguous term when it comes to computer technology, it must be construed strictly and in favor of the defendant.

"A defendant must have fair notice that his conduct is criminal. Because of the ambiguity, sufficient notice was not provided here. For this reason, we are constrained to reverse [Delaware County Common Pleas Judge Joseph P. Cronin Jr.] and leave it to the Legislature to clarify the language if it intends to make the mere 'viewing' of child pornography a crime."

Klein was joined by Judge John L. Musmanno and Senior Judge Patrick R. Tamilia.

The facts of the case were not in dispute, according to Klein's opinion.

However, the prosecution was never able to put forward any evidence that Diodoro had intentionally downloaded or saved those images to his hard drive, or been aware that the images were being automatically added to his Internet browser's cache.

"The commonwealth presented no evidence that Diodoro knew that the pornographic images were being saved to a hidden file or that he could retrieve it relatively easily," Klein wrote.

Section 6312(d) of the Crimes and Offenses Code prohibits possession or control of any type of media -- including computer images -- that depict children under the age of 18 engaging in sexual acts.

Klein noted that federal anti-child porn laws address not only the possession of prohibited images, but also the knowing receipt of them.

"Yet even under federal jurisprudence, the mere viewing of images on the Internet does not constitute the crime of possession of child pornography absent knowledge that the images are being saved," he wrote.

Klein went on to write that his own analysis of anti-child pornography precedent from various federal and state jurisdictions revealed that intentional possession is always a prerequisite for upholding convictions under such laws.

He also called attention to a 2002 decision from the 8th U.S. Circuit Court of Appeals in which the defendant was found to have been properly acquitted of possessing child pornography images found in his browser's cache.

"We hold that absent specific statutory language prohibiting the mere viewing of pornographic images or evidence that the defendant knowingly downloaded or saved pornographic images to his hard drive or knew that the Web browser cached the images, he cannot be criminally liable for viewing images on his computer screen," Klein wrote.

Delaware County Deputy District Attorney Michael Galantino was the trial attorney in Diodoro.

Galantino said it's too soon to comment on the potential ramifications of the panel's holding.

He also said that his office's appellate division will be reviewing the opinion before deciding whether to appeal.

Diodoro's attorney in the matter, Media solo practitioner Mark Much, was not immediately available for comment, but Much's paralegal, George Litterer, described Diodoro as a "unique" but ultimately "simple" case.

"He would view [the images] on the Internet, but he would not save anything," Litterer said of Diodoro. "That's what this case turned on."

There's a fascinating, if somewhat confusingly titled, post on Slashdot discussing a lawsuit in Washington state against a spammer. Washington State, of course, put in place one of the earliest anti-spammer laws, allowing individuals to sue spammers for $500/spam if they can track down the spammer. A few people have done nicely forcing local spammers to pay up. In one such case, however, the spammer countered by getting a computer "expert" to demand from the judge that the spammer get an image copy of the accuser's hard drive to look at the "evidence." Even under normal conditions this would be ridiculous -- but it was even more ridiculous here because the spam messages in question were sent to webmail accounts at Hotmail and Yahoo Mail, meaning that they never directly touched the recipient's hard drive. It was clearly a tactic designed to frustrate the guy suing the spammer -- and, unfortunately, it worked. The judge agreed with the "expert" that the hard drive image should be turned over to the spammer. The Slashdot article is confusing, because that's the story it gives, but the title says that the person doesn't have to hand over the hard drive. The explanation appears to be that the guy in question has "settled" the case with the spammer before he needed to hand over his hard drive, though terms of the deal aren't clear at all. Either way, this is a bad decision and will encourage other similar tactics when spammers are brought to court in the future. Hopefully, other judges will recognize that this serves no good purpose other than intimidation and won't allow it.

No doubt Radio Shack will start selling a “Pervert-locating” device for vigilantes.

If the creepy guy next door suddenly stops wearing shorts, he may have an eye in the sky to blame.

Just a few years ago, satellite tracking of convicts was a newfangled alternative to house arrest. Now, the number of American ex-offenders tracked through GPS-equipped ankle bracelets will likely triple to more than 30,000, thanks to the passage of a California ballot measure.

California's Proposition 83, which easily passed Tuesday by a margin of 70 percent to 30 percent, requires many convicted sex offenders to be monitored by GPS for life. Only those who committed felonies and served time in prison will be affected.

At least 11 other states have recently considered GPS tracking legislation, with some inspired by the 2005 murder of a Florida girl, allegedly by a registered sex offender. Florida's high-profile legislation was named "Jessica's Law" in her honor, and talk-show host Bill O'Reilly has been pushing for passage of similar laws elsewhere.

But there's a hitch: The ankle bracelets -- usually accompanied by digital-pager-size transmitters -- are hardly criminal-proof. Convicts can easily cut the bracelets off and run away as their probation officer gets an alarm and tries to contact the local police. For health reasons, the bracelets aren't designed to be permanent.

... Another company has created an all-in-one GPS tracking device that doesn't require a separate bracelet and transmitter, although it's bulky. And then there's an approach that's positively Maxwell Smart-ian: At least one model is equipped with a speakerphone, allowing overseers to contact offenders via their ankles.

Posted by ScuttleMonkey on Wednesday November 08, @02:04PM from the part-of-your-job-to-explain-it-in-their-terms dept.

Schneier is reporting that the Department of Homeland Security has decided to delve into why upper management doesn't "get" IT security threats. The results aren't terribly surprising to those in the trenches, stating that most executives view security as something akin to facilities management. "Thankfully", the $495 report (if you aren't a "Conference Board associate") helps tell you how to handle the situation.

Posted by ScuttleMonkey on Wednesday November 08, @05:42PM from the that-web-fad-will-never-catch-on dept.

Cathy writes "An article by Harvard's Andrew McAfee tells nontechnical managers how not to get overwhelmed by the 'drumbeat' of IT projects. McAfee breaks down IT into three categories — functional, network, and enterprise — and says that this framework 'can also indicate which IT initiatives are going to be relatively easy to implement and on which projects executives should focus. In that light, IT management starts to look less like a black art and more like the work of the executive.'"

Privacy International and EPIC Launch Privacy and Human Rights Global Study: "Each year since 1997, the Electronic Privacy Information Center and Privacy International have undertaken what has now become the most comprehensive survey of global privacy ever published. The Privacy & Human Rights Report surveys developments in 70 countries, assessing the state of technology, surveillance and privacy protection. The most recent report published in 2006 is probably the most comprehensive single volume report published in the human rights field. The report runs to almost 1,200 pages and includes about 6,000 footnotes. More than 200 experts from around the world have provided materials and commentary. The participants range from law students studying privacy to high-level officials charged with safeguarding constitutional freedoms in their countries. Academics, human rights advocates, journalists and researchers provided reports, insight, documents and advice."

Microsoft Corp. (Nasdaq:MSFT) has agreed to pay Universal Music Group a fee for each new Zune digital music player it sells when the iPod rival launches next week, the companies said on Thursday.

The groundbreaking deal could redefine the digital music business pioneered by Apple Computer Inc. (Nasdaq:AAPL).

Rivals including cell phone makers eventually could pay for hardware sales as well as for the music itself, Universal said.

... There have been calls for a so-called iPod tax in some countries including Canada, Netherlands and the UK to help music companies who have lost sales [and can't figure out how to compete in the modern world. Bob] to digital piracy, mainly through peer-to-peer file sharing over the Internet.

About Me

I live in Centennial, Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local Universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.